Authors: Liu Honglin, Jin Jianzhi
The Chinese cross-chain bridge project Multichain was involved in criminal activities, and the CEO and others were taken away by the Chinese police for investigation, causing a sudden drop in the token's value overnight. Can cross-chain technology really not be developed in China?
Founder Arrested, Project Forced to Halt Operations
On May 21, 2023, Zhao Jun, the CEO of the well-known cross-chain project Multichain, was taken away by the domestic police from his home and lost contact with the global Multichain team. The team contacted the MPC node operators and learned that their access keys to the MPC node servers had been revoked.
Subsequently, the special task force contacted Zhao Jun's family and learned that all of Zhao Jun's computers, phones, hardware wallets, and mnemonic phrases had been confiscated. Since the start of the project, all operational funds and investor investments had been controlled by Zhao Jun.
On June 4, Zhao Jun's family successfully logged into the home computer on the cloud server platform and only allowed Multichain team engineers to physically access the home computer to fix the technical issues with Router2 and Router5.
On July 9, Zhao Jun's sister transferred the remaining user assets in the router pool and subsequently notified the team and multiple project parties. These funds were transferred to an EOA address controlled by Zhao Jun's sister.
On July 13, based on the information provided by Zhao Jun's family, the police took Zhao Jun's sister away.
According to the monitoring by SlowMist, since July 7, a total of $265 million has flowed out of Multichain, distributed across Ethereum, BNB Chain, Polygon, Avalanche, Arbitrum, Optimism, Fantom, Cronos, and Moonbeam chains. Of this, $65.82 million has been frozen by Circle and Tether, and 1,296,990.99 ICE (approximately $1.62 million) has been burned by the token issuer.
According to public information, Multichain was established in July 2020 and received a $60 million financing in December 2021. Investment institutions include Binance Labs, Sequoia Capital, IDG Capital, Three Arrows Capital, DeFiance Capital, TRON Foundation, Hashkey Capital, Circle, Hypersphere Ventures, Primitive Ventures, and Magic Ventures.
What Is Blockchain Cross-Chain?
The rapid development of public chains is closely related to the increasing popularity and innovation of blockchain technology. According to exaggerated data, there may currently be hundreds of existing public chains, each with different communication protocols, consensus rules, and governance models. Well-known public chains include Bitcoin, Ethereum, Solana, Binance Smart Chain (BSC), and many other projects based on different consensus mechanisms and technical architectures. Each public chain has its unique characteristics, advantages, and application scenarios. Therefore, the interoperability between different blockchains, allowing users to achieve asset and information transfer between chains, has become an inevitable product of cross-chain technology.
Cross-chain technology is a key technology in the blockchain industry, aiming to solve the issues of data circulation, asset transfer, and value interoperability between different blockchains. The underlying technology of cross-chain technology is quite complex. For non-technical personnel, cross-chain technology can be understood with a simple example. In most cases, when a user wants to transfer assets from Chain A to Chain B, they need to first deposit the assets into the designated address of the cross-chain technology on Chain A. Subsequently, when the bridge's detector receives this information, it will mint an equivalent amount of wrapped tokens on Chain B, or convert the cross-chain assets into the native assets of the target chain by establishing a fund pool on the target chain, and finally deposit the funds into the user's account on Chain B.
The most concerning issue with cross-chain technology is security. For cross-chain entrepreneurs, both the project and personal safety are important.
Legal Risks of Project Attacks
Security incidents in the field of cross-chain technology are not uncommon. On July 3, 2021, the contract of the cross-chain project Chainswap was attacked, and some user tokens were withdrawn from wallets interacting with ChainSwap, resulting in a total loss of approximately $800,000. On July 12, 2021, Anyswap's newly launched V3 cross-chain liquidity pool was also attacked by hackers, resulting in a total loss of over $7.87 million. In August 2021, Poly Network announced that its mainnet was hacked, and users' assets on BSC, Ethereum, and Polygon were transferred, totaling $610 million, making it the largest DeFi security event to date.
Due to the decentralized nature of blockchain technology, it can be very difficult to determine the responsible party when losses occur due to defects or vulnerabilities in smart contracts. In the event of user asset loss, whether the project party should bear related responsibilities is a complex issue.
In response, the project party can take two proactive measures:
Smart contract security audit. Ensure that smart contracts undergo security audits to prevent vulnerabilities and attacks. Since most cross-chain technologies directly involve finance and user funds, the design and implementation of cross-chain technology protocols need to consider security from the beginning, and it is not excessive to be rigorous. Additionally, it is preferable for the protocol to be audited by at least two security audit companies to reduce security risks. Avoid introducing unnecessary administrator identities, while limiting the deployment and administrator permissions of the protocol to prevent the entire protocol's funds from being at risk due to the leakage of a single account.
Drafting contracts. Ensure that the user agreements and contract terms between the project party, partners, investors, and users are clear and specific, and strive to specify the responsibilities and obligations of each party in the event of a security incident, as well as the compensation mechanism in the event of user asset loss.
Legal Risks of Project Token Issuance
The vast majority of cross-chain projects will have their own project tokens. Cross-chain entrepreneurs must understand that there are huge differences in the legal frameworks for blockchain and cryptocurrencies in different countries and regions. For example, the U.S. Securities and Exchange Commission (SEC) may consider certain tokens as securities, while the European Union may have completely different classifications. This means that when designing and implementing cross-chain solutions, various legal requirements and regulatory frameworks must be taken into account.
Token issuance is an especially sensitive issue in China. On September 4, 2017, the People's Bank of China and six other departments issued the "Announcement on Preventing the Risks of Fundraising Through Coin Offerings," explicitly stating that the issuance of tokens for fundraising is essentially an illegal public fundraising activity without approval, involving illegal issuance of token vouchers, illegal issuance of securities, illegal fundraising, financial fraud, pyramid schemes, and other illegal and criminal activities. It requires that from the date of the announcement, all types of token fundraising activities should be stopped immediately, and organizations and individuals that have completed token fundraising should make arrangements for refunds.
If the project party issues tokens to users in mainland China, it is treading on regulatory high-voltage wires.
KYC, KYT, and AML
As mentioned in the introduction, Multichain was arrested, and according to public media reports, it was involved in money laundering for criminal groups, involving a significant amount of money. Due to certain characteristics of cross-chain technology such as anonymity and difficulty in tracking, it makes it an easy target for criminal groups to use for money laundering.
Specifically, due to the involvement of multiple different blockchain networks in asset transfers, some networks may have higher levels of anonymity and privacy protection, such as zero-knowledge proofs or privacy coins, making it easier for money launderers to conceal the sources and destinations of their fund flows. At the same time, the involvement of multiple blockchain networks in cross-chain transfers makes tracking and monitoring these transactions more complex. Some cross-chain protocol designs also make transaction records more difficult to trace or monitor, providing more opportunities for money laundering activities.
According to statistics from the Ouke Cloud Chain Research Institute, money laundering, fraud, pyramid schemes, and gambling are the four most common forms of virtual currency crimes in 2022, with 54.72% of virtual currency crimes related to money laundering and 21.13% related to fraud.
Governments around the world do not like virtual currencies, and a very important reason is that they have been misused by bad actors. Once criminal organizations are targeted by regulatory authorities, cross-chain projects that assist criminal groups with their illicit assets naturally cannot escape involvement. And cross-chain projects certainly cannot defend themselves as being technologically neutral. In August 2022, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned the mixer Tornado Cash. According to the sanction document, since its creation in 2019, Tornado has been used to launder over $7 billion worth of crypto assets, including over $455 million in crypto assets stolen by the North Korean hacker group Lazarus Group from two blockchain applications.
Implementing KYC and AML can effectively mitigate the aforementioned risks.
KYC (Know Your Customer): Designing and implementing effective KYC processes is the first step in ensuring business compliance. This includes collecting and verifying customers' identity information, such as names, addresses, identification documents, and other relevant data. Ensure that the KYC process complies with local legal requirements and undergoes continuous updates and reviews. It is important to ensure compliance with privacy regulations when collecting and processing personal data, and to clearly inform users of the data collection and usage methods. KYC is more suitable for the fiat world, while KYT is more suitable for the blockchain world.
KYT (Know Your Transaction): KYT is a process used by financial institutions to monitor and track financial transactions for fraud or suspicious activities. KYT can help financial institutions identify the source and destination of each transaction, assess transaction risks, take appropriate measures, and report suspicious transactions to regulatory authorities. KYT differs from the commonly used KYC in the traditional financial field. KYC mainly focuses on customer identity information and is more concerned with the static identities of specific individuals or institutions, while KYT mainly focuses on the dynamic transaction processes of customers. In the traditional financial field, KYT is currently a bonus, but in virtual asset trading, KYT may become a necessity to address risks.
The reason is that in the blockchain world, there is no process similar to opening a bank account that requires a large amount of identity verification materials. People in the crypto community can open accounts on their own, and can create countless anonymous on-chain addresses. In this situation, it is difficult to know the real identity of the other party through a string of random wallet addresses, let alone prevent money laundering. KYT will help blockchain users identify which addresses and transactions pose risks, find black addresses of suspicious illegal transactions, and trace the origin and destination of transactions from the black addresses. Suspicious transaction behavior, trading addresses in the dark web, their associated addresses, and the KYC records of an address on an exchange can link on-chain addresses to corresponding entities, thereby linking the anonymous on-chain world to offline identities.
AML (Anti-Money Laundering): Implement effective transaction monitoring mechanisms to identify and report any suspicious or abnormal transaction activities. Use technological tools and systems to monitor customers' transaction patterns, fund flows, and risk behaviors, and take necessary measures to investigate and report promptly.
Effective KYC, KYT, and AML measures can reduce the risks associated with money laundering, terrorist financing, and other financial crimes, and build trust and reputation, providing a safer and more reliable environment for businesses and users while safeguarding the security of the project party.
Summary
As more and more countries and regions include virtual asset anti-money laundering in their regulatory scope, institutions involved in the issuance and circulation of virtual assets inevitably need to supplement KYC due diligence with KYT to meet regulatory compliance requirements.
While pursuing technological innovation and business model exploration, cross-chain entrepreneurs must prioritize legal risk management. Only in this way can they ensure their own safety, and only on the basis of their own safety can there be long-term development of the project and security of user assets.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
